When a container talks to the outside world, Docker makes the request appear to come from the host machine. But if you want to access processes that run on the host itself, your firewall may need a little extra configuration.
Solution: Add a firewall rule for 172.18.0.0/16
If you have just tried to reach a process running on the host, such as an HTTP service, from inside a container, you may have been blocked. Even though Docker containers run on the host, they use special networks under the hood to keep them logically separated, and therefore they have different IP addresses.
You can see this by running ifconfig: you will see your usual network interface, but also a docker0 interface. By default, Docker uses block 1
The fix is simple: open this port range in your firewall. Requests from the IP range that Docker uses are likely being blocked. It is a private IP address range, so there is minimal risk in having it open. For UFW, that would be:
sudo ufw allow from 172.18.0.0/24
Optionally specify a port to open:
sudo ufw allow from 172.18.0.0/24 to any port 9200
For iptables, it should be:
iptables --append INPUT --protocol tcp --src 172.18.0.0/24 --jump ACCEPT
For managed hosting services like AWS, you may not need to change anything – security groups are network firewalls that sit in front of instances and should not affect internal traffic.
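As an added example (not part of the original article), the script below reads the subnets Docker actually assigned on the host and prints a port-scoped UFW rule for each, instead of assuming 172.18.0.0/24. The function names and the port 9200 in the usage comment are illustrative; the rules are only printed so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: derive UFW rules from Docker's real subnets.
# Function names are hypothetical; nothing here is applied automatically.

# Print one subnet per line for every Docker network on this host.
# Networks without IPAM config (host, none) produce no output.
docker_subnets() {
    docker network ls -q | xargs docker network inspect \
        --format '{{range .IPAM.Config}}{{println .Subnet}}{{end}}'
}

# Read subnets on stdin and print one UFW rule per unique IPv4 CIDR.
#   $1 = host TCP port the containers need to reach
# Blank lines and IPv6 subnets are skipped. Prefixes shorter than /8 are
# rejected so a malformed line can never become an allow-everything rule.
ufw_rules_for_subnets() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$' |
        sort -u |
        while read -r subnet; do
            echo "ufw allow from $subnet to any port $port proto tcp"
        done
}

# Usage on a Docker host (review the output, then run it with sudo):
#   docker_subnets | ufw_rules_for_subnets 9200
```

Scoping each rule to a single port and protocol keeps the rest of the host's services closed to containers.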